A blog which tries to demystify computer security, point out the half-truths and misinformation which floats around about this subject and hopefully reduce the hype created by semi-informed people. It also has some useful tips from time to time.

First time here? I hope that you find something interesting and useful. Check out the most popular pages or the categories I most frequently post in:

the separation in processes makes killing of errant pages / plugins and recovery much easier

WinZip password collision. WinZip (or more precisely: zip) supports many encryption methods, some of them very weak (like the original one described here) and some of them industry grade (AES). The drawback of this diversity is that not all zip/unzip programs support all of the algorithms, so (IMHO) you are better off using unencrypted zips or something like 7zip (Open Source and free) when encryption is needed.

From Gadi Evron: Introducing yourself. This was always a problem for me. How do you explain m malware researcher to a lay person?

Via the Dynamoo blog: "eval(function(p,a,c,k,e,r)" - in fact this is a legitimate JS packer which is being used on sites such as CNet. However, to any prospective user of such methods, my advice is the same as in the case of executable packers: it very probably degrades performance, makes your script look more suspicious (thus causing problems for users with AV / IDS products) and is not more effective than javascript minification combined by transparent gzip compression (which is supported by 99.99% of browsers).